OrangeHRM versions 3.3.1 and below suffer from an unauthorized data manipulation vulnerability.
1f29e60d43418bbd4fba574abac4e07b014ed91d412c75eedb2deb6a5aa41d16
HP Security Bulletin HPSBHF03513 - Potential security vulnerabilities have been identified with certain HP PCs and workstations with Windows and Linux running the NVIDIA Graphics Driver. The vulnerabilities could be locally exploited resulting in Denial of Service (DoS) and elevation of privilege. Note: This issue is present on Windows and Linux operating systems and affects all currently supported NVIDIA driver releases and all GPUs. This issue does not affect Android-based NVIDIA Tegra products. Revision 1 of this advisory.
ec26c4604b9de2314879b4fe75f99245c83a0fb1824494b34d2637127bf7aa05
Debian Linux Security Advisory 3368-1 - It was discovered that cyrus-sasl2, a library implementing the Simple Authentication and Security Layer, does not properly handle certain invalid password salts. A remote attacker can take advantage of this flaw to cause a denial of service.
fb30de4dfb472107cab21da532594e838feefffc940985cd87decc7dbaf7fbc4
Gentoo Linux Security Advisory 201509-7 - Multiple vulnerabilities have been found in Adobe Flash Player, the worst of which allows remote attackers to execute arbitrary code. Versions less than 11.2.202.521 are affected.
94d0e02348fcb5f061e23d159a5edf9376fdacd6815e90a1760a26e2e16eef18
Ubuntu Security Notice 2746-2 - USN-2746-1 fixed a vulnerability in Simple Streams. The update caused a regression preventing MAAS from downloading PXE images. This update fixes the problem. It was discovered that Simple Streams did not properly perform gpg verification in some situations. A remote attacker could use this to perform a man-in-the-middle attack and inject malicious content into the stream. Various other issues were also addressed.
7b09a0d72f7034d833f88eb6791490c832b585167b9f3d5c9d54469a9097fe5c
Apache Cordova Android File Transfer plugin versions 1.2.1 and below suffer from an HTTP header injection vulnerability.
1c678a1c4f57462b9c536f091f42eac61d776820a65cd8bd687da721e960449a
Ubuntu Security Notice 2745-1 - Lian Yihan discovered that QEMU incorrectly handled certain payload messages in the VNC display driver. A malicious guest could use this issue to cause the QEMU process to hang, resulting in a denial of service. This issue only affected Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. Qinghao Tang discovered that QEMU incorrectly handled receiving certain packets in the NE2000 network driver. A malicious guest could use this issue to cause the QEMU process to hang, resulting in a denial of service. Various other issues were also addressed.
10d84d56be340b435ae90a54578f4d46671992f41d69ef51bbda5a96fc7195c1
Gentoo Linux Security Advisory 201509-6 - An attacker could execute arbitrary commands via Git repositories in a case-insensitive or case-normalizing filesystem. Versions less than 2.0.5 are affected.
f5c875abddf16229107d11e985b0b6283b6e21ef181d91bc716e8c756b6d3cba
Gentoo Linux Security Advisory 201509-5 - Improper handling of Router Advertisements in NetworkManager could cause a Denial of Service condition in IPv6 network stacks. Versions less than 1.0.2 are affected.
9ea586c90a77433be74d0183681c6a777f13a7219f8a16e512c2ebc1c4f2b69d
Gentoo Linux Security Advisory 201509-4 - Multiple vulnerabilities have been found in libtasn1, the worst of which could lead to arbitrary code execution. Versions less than 1.4.5 are affected.
7409f641de00682e65c15ff139158d68c60b58fefecad508e0f36dd168033008
Gentoo Linux Security Advisory 201509-3 - Multiple vulnerabilities have been found in Cacti, the worst of which could lead to arbitrary code execution. Versions less than 0.8.8d are affected.
7a4f1dbc306cb7046c88c372fc9d48510bfe0a35ebb5b4a0471b6a480296dc83
Gentoo Linux Security Advisory 201509-2 - Multiple vulnerabilities have been found in cURL, the worst of which can allow remote attackers to cause a Denial of Service condition. Versions less than 7.43.0 are affected.
f5b5b9e3238bd4c9cdd7e927d7530352831a5a3d3d388eaff85cf3fbcee5d92e
Gentoo Linux Security Advisory 201509-1 - Multiple vulnerabilities have been found in NTP, the worst of which could lead to arbitrary code execution. Versions less than 4.2.8_p3 are affected.
655635fa6995896fdb8eeaae23aa01b3be957c61de9b5732755b0250e88c45ed
Ubuntu Security Notice 2746-1 - It was discovered that Simple Streams did not properly perform gpg verification in some situations. A remote attacker could use this to perform a man-in-the-middle attack and inject malicious content into the stream.
48fb30d17da30955a2d3d15555d69d08f3c8dc61ae3a3794395df8798e23d3f1
Red Hat Security Advisory 2015-1834-02 - Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. Two information leak flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to disclose sensitive information or, in certain cases, crash.
b4094aaec45328ec88bd778806c0553e4b43fcf067ab45f0f86192283435c8f9
Debian Linux Security Advisory 3367-1 - Multiple vulnerabilities were discovered in the dissectors/parsers for ZigBee, GSM RLC/MAC, WaveAgent, ptvcursor, OpenFlow, WCCP and in internal functions which could result in denial of service.
e50e19d610e227017d0193e73b3efddd4ee08aa437c684c64dfbd872faa698d1
Ubuntu Security Notice 2743-3 - USN-2743-1 fixed vulnerabilities in Firefox. Future Firefox updates will require all addons be signed and unity-firefox-extension, webapps-greasemonkey and webaccounts-browser-extension will not go through the signing process. Because these addons currently break search engine installations (LP: #1069793), this update permanently disables the addons by removing them from the system. We apologize for any inconvenience. Various other issues were also addressed.
564fc19466fc9d259864b3e1262550162910ed750aeccda7e3fcc69fab9bd8b9
A file inclusion vulnerability in "BIRT Viewer" servlet used in BMC Remedy AR Reporting has been discovered. Versions 8.1 and 9.0 are affected.
257cc0fd068f03a307cbab920950a5dbba966d365015b81a1f67198b1529af6a
Red Hat Security Advisory 2015-1837-01 - KVM is a full virtualization solution for Linux on AMD64 and Intel 64 systems. The qemu-kvm-rhev package provides the user-space component for running virtual machines using KVM. A heap-based buffer overflow issue was found in the QEMU emulator's VNC display driver. It could occur while refreshing the VNC server's display surface using the vnc_refresh_server_surface() routine. A privileged guest user could use this flaw to corrupt the heap memory and crash the QEMU process instance, or to potentially use it to execute arbitrary code on the host.
25a986a69f69dfb4207b40a2147c13f035bbe0b10e30563935730b794dd67a88
Ubuntu Security Notice 2744-1 - Halfdog discovered that Apport incorrectly handled kernel crash dump files. A local attacker could use this issue to cause a denial of service, or possibly elevate privileges. The default symlink protections for affected releases should reduce the vulnerability to a denial of service.
dee7f3fa2888859a2f779bee89c68c507cea1c1a90dff31a934e31fb62b1d8a9
Debian Linux Security Advisory 3366-1 - A remotely triggerable use-after-free vulnerability was found in rpcbind, a server that converts RPC program numbers into universal addresses. A remote attacker can take advantage of this flaw to mount a denial of service (rpcbind crash).
98be0a92a93f054d0e77b6763c292f565ae1d55068b02c508f3de091e937e53d
A file inclusion vulnerability in the "BIRT Engine" servlet used in BMC Remedy AR Reporting has been discovered. Versions 8.1 and 9.0 are affected.
d1c67acf2296b14667db65143804438a4df4fc202748bde4c1b51d8b462144c0
Debian Linux Security Advisory 3365-1 - Multiple security issues have been found in Iceweasel, Debian's version integer overflows, buffer overflows, use-after-frees and other implementation errors may lead to the execution of arbitrary code, information disclosure or denial of service.
9f06181535993a2ed1465714f151805630edd6d8b335d381b49719f716301fdc
RSA Archer GRC version 5.5.3 suffers from cross site scripting, improper authorization, and information disclosure vulnerabilities.
c54811b8c5daa0f2f91c5eb39b919b6ddcb97837b722c57d324f1fd49df6558d
Cisco Security Advisory - A vulnerability in the processing of IPv4 packets that require Network Address Translation (NAT) and Multiprotocol Label Switching (MPLS) services of Cisco IOS XE Software for Cisco ASR 1000 Series, Cisco ISR 4300 Series, Cisco ISR 4400 Series, and Cisco Cloud Services 1000v Series Routers could allow an unauthenticated, remote attacker to cause a reload of the affected device. The vulnerability is due to improper processing of IPv4 packets that require NAT and MPLS processing. An attacker could exploit this vulnerability by sending an IPv4 packet to be processed by a Cisco IOS XE device configured to perform NAT and MPLS services. A successful exploit could allow the attacker to cause a reload of the affected device. Cisco has released software updates that address these vulnerabilities. There are no workarounds to mitigate this vulnerability.
426911a2340b77ce46c2ba99fd3f3b7030de0d1d02a5d5585ee5a5138cc0f294